CVE-2016-4472

Priority
Description
The overflow protection in Expat is removed by compilers with certain
optimization settings, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via crafted XML data.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2015-1283 and CVE-2015-2716.
Notes
mdeslaur: fixed in USN-2983-1 in the CVE-2015-1283-refix.patch patch
ebarretto: tla uses system expat as of 1.3.5+dfsg-15
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: ayttm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: coin3 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: expat (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2.0.1-7.2ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (2.1.0-4ubuntu1.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.1.0-7ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.1.1-1ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.1.1-1ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (2.1.1-1ubuntu1)
Patches:
Upstream:https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: poco (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system expat])
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (uses system expat)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:not-affected (uses system expat)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Source: smart (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [code-not-compiled])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [code-not-compiled])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver):ignored (code-not-compiled)
Ubuntu 19.04 (Disco Dingo):ignored (code-not-compiled)
Ubuntu 19.10 (Eoan):ignored (code-not-compiled)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: tdom (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Source: tla (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1.3.5+dfsg-15])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.3.5+dfsg-15)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5+dfsg-15)
Ubuntu 19.04 (Disco Dingo):not-affected (1.3.5+dfsg-15)
Ubuntu 19.10 (Eoan):not-affected (1.3.5+dfsg-15)
Package
Source: vnc4 (LP Ubuntu Debian)
Upstream:ignored
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.04 (Disco Dingo):ignored
Ubuntu 19.10 (Eoan):ignored
Package
Source: vtk (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:not-affected (uses system expat)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system expat)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system expat)
Ubuntu 19.10 (Eoan):not-affected (uses system expat)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses system expat])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Priority: Low
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1.16.33-3.1ubuntu5.2])
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Package
Source: xotcl (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed

Updated: 2019-10-18 02:26:54 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)